A Local Area Network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings. It is common nowadays that its backbone is a cluster of switches, where routers, computers, servers, data storage elements, and various types of computing and networking devices are connected.
Network security comprises the provisions made in the underlying LAN, management policies to protect the network and the network-accessible resources from unauthorized access, and continuous evaluation of its effectiveness. Traditionally, much attention has been dedicated to protecting the LAN from external intruders. Recently the focus has been shifted to intra-LAN security: protecting resources from attack or simple mistakes by people inside the organization.
Regular computers nowadays usually comprise high performance CPUs, sizeable hard disks, and a complete operating system (OS), loaded with an array of application software. However, there begins the emergence of ‘thin-client’ computers, driven by cost reduction in computer ownership and the virtualization technological advancement. Thin-client computers behave more like computer terminals whose functions are primarily for entering and displaying data. Thin-client computers have low system requirements: a low performance CPU, a small storage, a boot loader, and a virtual desktop client software application. They rely on the virtual desktop client to communicate to its virtual desktop server on its LAN. Once they run the virtual desktop client, they receive user inputs and display the computing results, and the computing is actually performed on the virtual desktop server via virtual machine (VM). A VM is a software implementation of a computer that executes programs like a real machine.
The presence of thin-client computers represents the change of data traffic pattern in the LAN. The confluence of the traffic is the virtual desktop server(s). The thin-client computers send user inputs to the virtual desktop server and the virtual desktop server sends back the desktop display outputs. The virtual desktop server exchanges data packets with various computing and networking resources on the LAN as the VMs are running on the virtual desktop server. That hub-and-spoke data traffic pattern makes the virtual desktop server an excellent choice for applying intra-LAN security management policy.
Furthermore, the presence of thin-client computers presents a new capability and hence, an array of opportunities, in network security management. The virtual desktop server has privilege access to the VMs running on it. In other words, it has visibility into all computing activities of the VMs representing the thin-client computers. Therefore, the network administrators can possess superior power in monitoring and controlling computing activities given the appropriate tools on the virtual desktop server.
That said, the transition from a LAN full of regular computers to a LAN full of thin-client computers may be gradual. Having a mixture of the two classes of computers on the LAN is expected.
Against that backdrop, the invention disclosed is to exploit the intra-LAN security potential in the virtual desktop client and server LAN environment while addressing the possible presence of regular computers.